SnippingTool[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SnippingTool.exe
Size

465KB
MD5

e8c335f4a5fdcb462204900336fe08bc
SHA1

72242077e4b31aa08c4e61ceda2546ef7c0d7ca8
SHA256

12e2e2f606c44fb5686adc859ec3557ca23313dc8fdcd159860a1f49b61eaed2
SHA512

e09544ad5d85485e2b12068fce5394d03b8ba78c74f68eb63381cf7de58ead6c29d9e7db53a010eb03e3b6e1e74a3d9a6e6d9c27910518df6113bde85dc60a45
SSDEEP

6144:xapYd6qlzv5ramZBBXH5d85i5K1XH+6k3T+cbJ51o5MsB40L5D7:x6qlj9xiXvkCIJ5IhK09

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SnippingTool.exe

Files

SnippingTool.exe
.exe windows:10 windows x86

ccbb6ef0631296067731aaec62958c3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

kernel32

GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
DeleteCriticalSection
InitializeCriticalSection
GetLastError
GlobalAddAtomW
GlobalDeleteAtom
RaiseException
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
FreeLibrary
GetTempPathW
DeleteFileW
HeapSetInformation
RegisterApplicationRestart
LeaveCriticalSection
EnterCriticalSection
SizeofResource
HeapDestroy
LockResource
LoadResource
FindResourceExW
CreateFileW
WideCharToMultiByte
WriteFile
CloseHandle
Sleep
GetSystemDefaultUILanguage
GetVersionExW
GlobalFree
lstrlenW
MultiByteToWideChar
lstrlenA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
SetLastError
CreateMutexW
ReleaseMutex
LocalFree
GetModuleHandleExW
GetModuleFileNameW
LocalAlloc
GetModuleHandleW
HeapAlloc

gdi32

CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CombineRgn
GetStockObject
Rectangle
SelectObject
GetDeviceCaps
DeleteObject
SetTextColor
SetBkMode
GetLayout
GetClipRgn
SelectClipRgn
GetObjectW
CreatePolygonRgn
OffsetRgn
FillRgn
StartDocW
SetBrushOrgEx
SetStretchBltMode
StartPage
DeleteDC
StretchBlt
CreateCompatibleDC
EndPage
EndDoc
PatBlt
CreatePen
SetLayout
CreateDIBSection
CreateCompatibleBitmap
BitBlt

user32

LoadImageW
UnregisterClassA
EndPaint
DefWindowProcW
SetWindowLongW
GetWindowLongW
RegisterClassW
SetClassLongW
LoadCursorW
ReleaseDC
ShowWindow
SetScrollInfo
GetScrollInfo
SetFocus
PostMessageW
LoadMenuW
AdjustWindowRectEx
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetCursor
GetIconInfo
GetWindowTextW
CallWindowProcW
CopyRect
TrackPopupMenuEx
GetWindowRgnBox
UnregisterHotKey
DestroyMenu
CheckMenuRadioItem
GetWindowRect
TranslateAcceleratorW
LoadStringW
CreateWindowExW
AdjustWindowRect
RegisterHotKey
DestroyWindow
SetWindowTextW
IsZoomed
DialogBoxParamW
CheckDlgButton
IsDlgButtonChecked
IsWindowVisible
GetSystemMetrics
GetClientRect
DrawFocusRect
DrawTextW
InflateRect
FillRect
SendMessageW
EndDialog
SystemParametersInfoW
LoadIconW
SetCapture
MapWindowPoints
GetDlgItem
GetDC
SetForegroundWindow
OpenIcon
FindWindowW
MessageBoxW
GetSysColor
SetWindowPos
GetMonitorInfoW
GetSubMenu
MonitorFromWindow
DrawIconEx
GetWindowDC
GetDesktopWindow
PostQuitMessage
OffsetRect
GetProcessDefaultLayout
DispatchMessageW
TranslateMessage
GetMessageW
LoadAcceleratorsW
GetParent
GetClassNameW
SetClipboardData
EmptyClipboard
OpenClipboard
CloseClipboard
SetRect
LogicalToPhysicalPoint
IsIconic
GetWindow
PtInRect
EnumDisplayMonitors
IntersectRect
SetPropW
GetPropW
InvalidateRect
UnionRect
BeginPaint
ReleaseCapture

msvcrt

_ftol2_sse
__CxxFrameHandler3
_CxxThrowException
strchr
free
_vsnwprintf
_wcsicmp
memcpy_s
wcscspn
wcsspn
memmove_s
_except_handler4_common
_controlfp
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
realloc
_errno
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memset
_callnewh
vswprintf_s
_vscwprintf
strstr
_resetstkoflw
malloc
memcpy

ntdll

WinSqmIncrementDWORD
EtwTraceMessage
WinSqmIsOptedIn

gdiplus

GdipSaveImageToStream
GdipMeasureString
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipCreateFontFromLogfontW
GdipDeleteStringFormat
GdipDeleteFont
GdipDrawString
GdipFillRectangle
GdipCreateLineBrushFromRect
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipSetSmoothingMode
GdiplusStartup
GdiplusShutdown
GdipDeleteGraphics
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipFree
GdipAlloc
GdipFillEllipseI

comctl32

ImageList_Create
ImageList_Add
ord380
ImageList_Destroy
ord345
InitCommonControlsEx

comdlg32

PrintDlgExW

shlwapi

UrlCreateFromPathW
PathFindExtensionW
PathIsURLW
StrChrW
ord487
PathFindFileNameW
PathRemoveExtensionW

shell32

ShellAboutW
ord75
SHCreateItemInKnownFolder

ole32

CoTaskMemFree
CoUninitialize
StringFromCLSID
CoCreateGuid
CoCreateInstance
CreateStreamOnHGlobal
CoInitialize

oleaut32

SafeArrayGetElement
SafeArrayGetUBound
VarBstrCat
SysAllocStringLen
SysStringLen
SysAllocString
VariantClear
VariantInit
SysFreeString
SafeArrayPutElement

uxtheme

GetThemeSysFont
GetThemeSysColor

oleacc

AccessibleObjectFromWindow

dwmapi

DwmGetWindowAttribute

msdrm

DRMIsWindowProtected

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccbb6ef0631296067731aaec62958c3f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

gdiplus

comctl32

comdlg32

shlwapi

shell32

ole32

oleaut32

uxtheme

oleacc

dwmapi

msdrm

Sections

.text Size: 167KB - Virtual size: 166KB

.data Size: 1024B - Virtual size: 10KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 279KB - Virtual size: 278KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 167KB - Virtual size: 166KB

.data
Size: 1024B - Virtual size: 10KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 279KB - Virtual size: 278KB

.reloc
Size: 9KB - Virtual size: 8KB